1 files changed, 45 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0025-fc-usermanage-apply-policy-to-usermanage-alternative.patch b/recipes-security/refpolicy/refpolicy/0025-fc-usermanage-apply-policy-to-usermanage-alternative.patch
new file mode 100644
index 0000000..76278c9
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0025-fc-usermanage-apply-policy-to-usermanage-alternative.patch
@@ -0,0 +1,45 @@
+From 0656c4b988cb700f322fb03e6639fe0b64e08d63 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Fri, 15 Nov 2019 11:25:34 +0800
+Subject: [PATCH] fc/usermanage: apply policy to usermanage alternatives
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/admin/usermanage.fc | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc
+index 620eefc6f..6a051f8a5 100644
+--- a/policy/modules/admin/usermanage.fc
+++ b/policy/modules/admin/usermanage.fc
+@@ -4,7 +4,9 @@ ifdef(`distro_debian',`
+ 
+ /usr/bin/chage         --      gen_context(system_u:object_r:passwd_exec_t,s0)
+ /usr/bin/chfn          --      gen_context(system_u:object_r:chfn_exec_t,s0)
+/usr/bin/chfn\.shadow          --      gen_context(system_u:object_r:chfn_exec_t,s0)
+ /usr/bin/chsh          --      gen_context(system_u:object_r:chfn_exec_t,s0)
+/usr/bin/chsh\.shadow          --      gen_context(system_u:object_r:chfn_exec_t,s0)
+ /usr/bin/crack_[a-z]*  --      gen_context(system_u:object_r:crack_exec_t,s0)
+ /usr/bin/cracklib-[a-z]* --    gen_context(system_u:object_r:crack_exec_t,s0)
+ /usr/bin/gpasswd       --      gen_context(system_u:object_r:groupadd_exec_t,s0)
+@@ -14,6 +16,7 @@ ifdef(`distro_debian',`
+ /usr/bin/grpconv       --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+ /usr/bin/grpunconv     --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+ /usr/bin/passwd                --      gen_context(system_u:object_r:passwd_exec_t,s0)
+/usr/bin/passwd\.shadow                --      gen_context(system_u:object_r:passwd_exec_t,s0)
+ /usr/bin/pwconv                --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+ /usr/bin/pwunconv      --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+ /usr/bin/useradd       --      gen_context(system_u:object_r:useradd_exec_t,s0)
+@@ -39,6 +42,7 @@ ifdef(`distro_debian',`
+ /usr/sbin/usermod      --      gen_context(system_u:object_r:useradd_exec_t,s0)
+ /usr/sbin/vigr         --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+ /usr/sbin/vipw         --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/vipw\.shadow         --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+ 
+ /usr/share/cracklib(/.*)?      gen_context(system_u:object_r:crack_db_t,s0)
+ 
+-- 
+2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0025-fc-usermanage-apply-policy-to-usermanage-alternative.patch b/recipes-security/refpolicy/refpolicy/0025-fc-usermanage-apply-policy-to-usermanage-alternative.patch new file mode 100644 index 0000000..76278c9 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0025-fc-usermanage-apply-policy-to-usermanage-alternative.patch
@@ -0,0 +1,45 @@
	1	From 0656c4b988cb700f322fb03e6639fe0b64e08d63 Mon Sep 17 00:00:00 2001
	2	From: Yi Zhao <yi.zhao@windriver.com>
	3	Date: Fri, 15 Nov 2019 11:25:34 +0800
	4	Subject: [PATCH] fc/usermanage: apply policy to usermanage alternatives
	5
	6	Upstream-Status: Inappropriate [embedded specific]
	7
	8	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	9	---
	10	policy/modules/admin/usermanage.fc \| 4 ++++
	11	1 file changed, 4 insertions(+)
	12
	13	diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc
	14	index 620eefc6f..6a051f8a5 100644
	15	--- a/policy/modules/admin/usermanage.fc
	16	+++ b/policy/modules/admin/usermanage.fc
	17	@@ -4,7 +4,9 @@ ifdef(`distro_debian',`
	18
	19	/usr/bin/chage -- gen_context(system_u:object_r:passwd_exec_t,s0)
	20	/usr/bin/chfn -- gen_context(system_u:object_r:chfn_exec_t,s0)
	21	+/usr/bin/chfn\.shadow -- gen_context(system_u:object_r:chfn_exec_t,s0)
	22	/usr/bin/chsh -- gen_context(system_u:object_r:chfn_exec_t,s0)
	23	+/usr/bin/chsh\.shadow -- gen_context(system_u:object_r:chfn_exec_t,s0)
	24	/usr/bin/crack_[a-z]* -- gen_context(system_u:object_r:crack_exec_t,s0)
	25	/usr/bin/cracklib-[a-z]* -- gen_context(system_u:object_r:crack_exec_t,s0)
	26	/usr/bin/gpasswd -- gen_context(system_u:object_r:groupadd_exec_t,s0)
	27	@@ -14,6 +16,7 @@ ifdef(`distro_debian',`
	28	/usr/bin/grpconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
	29	/usr/bin/grpunconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
	30	/usr/bin/passwd -- gen_context(system_u:object_r:passwd_exec_t,s0)
	31	+/usr/bin/passwd\.shadow -- gen_context(system_u:object_r:passwd_exec_t,s0)
	32	/usr/bin/pwconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
	33	/usr/bin/pwunconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
	34	/usr/bin/useradd -- gen_context(system_u:object_r:useradd_exec_t,s0)
	35	@@ -39,6 +42,7 @@ ifdef(`distro_debian',`
	36	/usr/sbin/usermod -- gen_context(system_u:object_r:useradd_exec_t,s0)
	37	/usr/sbin/vigr -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
	38	/usr/sbin/vipw -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
	39	+/usr/sbin/vipw\.shadow -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
	40
	41	/usr/share/cracklib(/.*)? gen_context(system_u:object_r:crack_db_t,s0)
	42
	43	--
	44	2.17.1
	45